In Boston, Deputy AG Rosenstein picks up call for Encryption Back Doors

US Deputy Attorney General Rod Rosenstein used a speech in Boston to criticize the technology industry’s use of strong encryption which he called “warrant proof,” even as he said law enforcement had no issue with its use.

Deputy Attorney General Rod Rosenstein on Wednesday warned about the risk of so-called ‘dark markets’ that fence stolen identity data and called on technology vendors to provide back doors to their products that would allow law enforcement to gain access to the data stored on them.

Best known as the man who first signed off on the firing of FBI Director James Comey, and then appointed special counsel Robert Mueller to continue Comey’s investigation, Rosenstein’s view on pressing cyber security matters are less well known.

US Deputy Attorney General Rod Rosenstein speaks at The Cambridge Cyber Summit. He raised questions about the use of strong encryption.

But in a speech at the Edward M. Kennedy Institute, Rosenstein continued in the footsteps of Comey, who was a vocal critic of the use of end-to-end encryption in products like laptops and mobile phones and who lobbied Congress for language to require the use of so-called “back doors” in encryption that could be used by law enforcement to recover sensitive data.

The Keyword is ‘Dark’

Speaking of the problem of cyber criminal “dark” markets for stolen data, malicious code, fake identity documents and contraband, Rosenstein pivoted to the problem of cyber criminals encrypting their communications.

“Dark markets are one of the worst examples of a broader problem that we know is going dark,” Rosenstein said. “Increasingly, technology frustrates the traditional law enforcement efforts to collect evidence that’s needed to protect public safety and solve crimes.”

Rosenstein cited instant messaging services like WhatsApp and Telegram that “encrypt their messages by default, thereby blocking the police from reading those messages, even if an impartial judge authorizes their interception.”

Smart phone makers, also, used to “maintain the ability to access data stored on…phones when ordered by a court to do so,” Rosenstein observed. “But some of those companies made a conscious decision to engineer away that critical capability.”

The use of modern encryption schemes that cannot be broken “threatens to destabilize the balance between privacy and security that has existed for two centuries,” he said.

Not just Strong – but ‘Warrant Proof’

Rosenstein stepped back from prior calls for encryption back doors – at least rhetorically, saying “we in law enforcement have no desire to undermine encryption.” But he charged technology companies that use strong encryption with “reset(ting) a constitutional balance” between private citizens and law enforcement that should be subject to review by citizens and their elected representatives. “People should understand the consequences of warrant-proof security,” he said.

But at least one expert wondered whether his criticism of “warrant-proof encryption” as “a serious problem” and calls for a technology fix for it are distinguishable from the positions of Director Comey or others who have advocated the weakening of cryptographic standards to allow law enforcement to view encrypted data in the clear on request.

“It was no different than what we’ve heard earlier,” wrote cryptographer and author Bruce Schneier. “It was the basic line that law enforcement really likes encryption, but not when it works too well.”

Rosenstein “pretended that there must be a way to have strong encryption against hackers, terrorists, and foreign governments that somehow magically turns weak in the presence of a warrant,” Schneier said.

Schneier said Rosenstein’s claim that the challenges presented by modern, strong encryption are wholly new are also false. “As if it wasn’t always possible to destroy evidence by shredding it, burning it, throwing it in the ocean, or speaking privately and letting the words disappear as soon as they’re spoken,” Schneier said.

Cryptography is an expression of mathematical truths that aren’t subject to political or legal considerations,”as if the mathematics of cryptography is some affront to the legal process,” Schneier argued.

Author: PaulI'm an experienced writer, reporter and industry analyst with a decade of experience covering IT security, cyber security and hacking, and a fascination with the fast-emerging "Internet of Things."